[OpenAFS] OpenAFS + Linux +XP
Christian Ospelkaus
christian@core-coutainville.org
Fri, 23 Jan 2004 14:08:07 +0100
> >Then how about setting up a Samba PDC for a new NT domain?
>
> Yeah, that's what I'm thinking about.
>
> More precisely:
> - RedHat 9 server with openafs 1.2.11
> - use pam to authenticate against the kas server by default
> - configure Samba 3.* as PDC
>
> But I'm fuzzy about the password part.
> I know I can make Windows XP use plain text passwords, but will this
> work with a samba PDC??
The book on Samba by Lendecke says if you use plain text passwords, you lose
all domain functionality.
> You mean using a windows afs client AND samba? Why should I want to do
> that? Isn't it easier to do everything through samba shares?
The option to use plain text passwords and samba as an afs gateway is not
really desirable IMO. Even if it works, your Windows users will send their
password in plain text over the wire to the gateway. You give up all the
possibilities of accessing ACLs from Windows, all Windows -> AFS traffic will
have to go through one server, and you will start messing with samba
acquiring afs tokens.
> > The only trouble here is that you will have to
> >maintain both the Kerberos passwords and the SMB password hashes (probably
> > in LDAP).
>
> This is what I'm hoping to avoid by using 'pam + samba + plain text
> passwords'.
I don't know. Is anybody doing this? I think apart from the fact that if you
use plain text passwords, you lose all domain functionality, acquiring AFS
tokens by samba might be messy...
Christian